Cloud-Native IDS with eBPF
Decoupled Brain-Eye architecture: eBPF CO-RE probes collect kernel telemetry while a Rust stream core processes events through a 3-layer AI engine.
Technical Specs
Core Capabilities
3-Layer Hybrid AI Brain
Sigma-compatible Rule Engine + Isolation Forest anomaly detection (scikit-learn) + HMM sequence analysis for attack chain detection (e.g. curl→chmod→exec). CPU-only inference, no GPU required.
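As an added illustration, not code from this project, a deterministic per-container state machine stands in for the sequence analysis the HMM layer performs on the curl→chmod→exec chain: it consumes exec events and raises an alert only when a downloaded file is made executable and then run inside the same container within a time window. The event fields, the window length and the sample events are assumptions constructed for the example.

```python
"""Stateful attack-chain detector: walks the ordered stages
curl -> chmod -> exec of the chmod'ed file inside one container."""
from dataclasses import dataclass, field

CHAIN = ("curl", "chmod", "exec")  # stages the detector walks through

@dataclass
class Event:
    ts: float          # seconds (constructed sample values)
    container: str     # container id derived from the cgroup (assumed field)
    comm: str          # basename of the executed binary
    argv: list[str]    # full argument vector

@dataclass
class ChainState:
    stage: int = 0
    started: float = 0.0
    files: set[str] = field(default_factory=set)  # paths made executable by chmod

def _chmod_targets(argv):
    # chmod [OPTION]... MODE FILE... -> the operands after the mode
    operands = [a for a in argv[1:] if not a.startswith("-")]
    return set(operands[1:])

def detect_chain(events, window=300.0):
    """Return one alert per container that completes the chain within `window` seconds."""
    states: dict[str, ChainState] = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        st = states.setdefault(ev.container, ChainState())
        if st.stage and ev.ts - st.started > window:   # chain too slow: forget it
            st = states[ev.container] = ChainState()
        if ev.comm == "curl":                            # stage 1, restarts the chain
            states[ev.container] = ChainState(stage=1, started=ev.ts)
        elif ev.comm == "chmod" and st.stage >= 1:       # stage 2
            st.stage = 2
            st.files |= _chmod_targets(ev.argv)
        elif st.stage == 2 and ev.argv and ev.argv[0] in st.files:  # stage 3
            alerts.append({"container": ev.container, "ts": ev.ts,
                           "chain": " -> ".join(CHAIN), "file": ev.argv[0]})
            states[ev.container] = ChainState()
    return alerts

SAMPLE = [  # constructed events, not real telemetry
    Event(10.0, "c1", "curl", ["curl", "-o", "/tmp/x", "http://example.invalid/x"]),
    Event(12.0, "c1", "chmod", ["chmod", "+x", "/tmp/x"]),
    Event(13.0, "c1", "x", ["/tmp/x"]),
    Event(20.0, "c2", "chmod", ["chmod", "+x", "/tmp/y"]),  # no download first: benign
    Event(21.0, "c2", "y", ["/tmp/y"]),
]
```

Only container c1 completes all three stages in order, so `detect_chain(SAMPLE)` yields a single alert; the chmod without a preceding curl in c2 never leaves stage 0.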
eBPF CO-RE Kernel Telemetry
Compile Once, Run Everywhere (CO-RE) eBPF probes built with the Aya framework (Rust) and cilium/ebpf (Go). Lock-free SPSC ring buffers for zero-copy data transfer.
Rust Stream Core (250k+ evt/s)
Tokio async runtime with a WASM rule engine (wasmtime) for safe hot-reload. Protobuf serialization with an rkyv optimization path for high-throughput event processing.
7 MITRE ATT&CK Categories
25+ detection rules mapped to MITRE ATT&CK techniques: Container Escape (T1611), Fileless Attack (T1620), Lateral Movement (T1572), Privilege Escalation (T1548), Cryptominer (T1496), Supply Chain (T1195), APT/C2 (T1071).
Container Security
Docker/Kubernetes escape detection, Trivy/Grype image scanning integration.
Threat Intel
Threat intelligence feeds from MISP, AlienVault OTX, and Mandiant with IOC correlation.